Hey I’m pretty new to php.
I wrote this module that will add a “like” feature to phpbb and I’m just about to let it go live (been testing on xampp for a while). I know since I am new to php that I don’t have the best understanding of security when it comes to accessing my database and I feel my current code is probably weak. How would you guys improve this?
This is my post-like file, which stores the like in the database when someone clicks the like button. An AJAX query is called and sends the data via the URL, e.g. url/index.php?value=(ValGeneratedByJS) etc.
[CODE]
<?php
include "like.php";

// All inputs come straight from the query string
$val   = $_GET["value"];
$liker = $_GET["liker"];
$likee = $_GET["likee"];
$post  = $_GET["post"];
$topic = $_GET["topic"];
$forum = $_GET["forum"];

if (!empty($val) && !empty($liker) && !empty($likee) && !empty($post) && !empty($topic) && !empty($forum)) {
    // A user must not like their own post
    if ($liker == $likee) {
        exit;
    }
    $like = new Phpbb_Like($val, $liker, $likee, $post, $topic, $forum);
    $like->save(Connect());
}
[/CODE]
This is my retrieve-like file. It also gets its information via a variable appended to the URL, url/thisfile.php?topic=(TopicVa), also supplied by JS/jQuery.
[CODE]
<?php
include("like.php");

// Topic id taken straight from the query string
$topic = $_GET["topic"];
GetLikesBy("topic", $topic);
[/CODE]
I think my store-like method is not safe, but the retrieve one should be fine? Really, I'm not sure though.
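A hardened rewrite of the two endpoints, added here as an example and not the poster's code or part of phpBB. It assumes PDO over MySQL, that the liker's id comes from the server-side session rather than the URL (the `$_SESSION` keys are placeholders for phpBB's own session data), that the post's author, topic and forum are looked up from the posts table (phpBB's `phpbb_posts` with its default prefix, assumed here) instead of being trusted from the client, and an assumed `phpbb_likes` table with a unique key on (liker_id, post_id). The two things it changes relative to the original are that no user-supplied value is ever concatenated into SQL, and that the client only says which post is being liked, never who is doing the liking or who the likee is.

```php
<?php
// Added example, not the original poster's code. Assumptions: PDO/MySQL, an
// assumed table `phpbb_likes` (like_value, liker_id, likee_id, post_id,
// topic_id, forum_id) with a unique key on (liker_id, post_id), phpBB's
// `phpbb_posts` table with columns post_id, topic_id, forum_id, poster_id,
// and $_SESSION['user_id'] / $_SESSION['csrf_token'] as placeholders for the
// real session data. Credentials are placeholders.
declare(strict_types=1);

function db(): PDO {
    $pdo = new PDO('mysql:host=localhost;dbname=phpbb;charset=utf8mb4',
                   'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares
    return $pdo;
}

// Every id the client sends must be a positive integer; anything else is a 400.
function requireInt(array $src, string $key): int {
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1]]);
    if ($v === false) {
        http_response_code(400);
        exit;
    }
    return $v;
}

// Store a like. Only POST, only for a logged-in user, only with a valid CSRF
// token. The client supplies post_id and value; everything else is derived
// server-side. Returns true if a row was written, false if the like was refused.
function storeLike(PDO $pdo, array $post, array $session): bool {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }
    if (empty($session['user_id']))            { http_response_code(403); exit; }
    // Constant-time comparison of the form token against the session token.
    if (!hash_equals((string)($session['csrf_token'] ?? ''),
                     (string)($post['csrf_token'] ?? ''))) {
        http_response_code(403); exit;
    }

    $liker  = (int) $session['user_id'];
    $postId = requireInt($post, 'post');
    // Assumed: a like value is either 1 (like) or -1 (unlike); reject the rest.
    if (!in_array($post['value'] ?? '', ['1', '-1'], true)) { http_response_code(400); exit; }
    $value = (int) $post['value'];

    // Look the post up; the client does not get to assert who wrote it.
    $stmt = $pdo->prepare('SELECT poster_id, topic_id, forum_id FROM phpbb_posts WHERE post_id = :post');
    $stmt->execute([':post' => $postId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { http_response_code(404); exit; }

    $likee = (int) $row['poster_id'];
    if ($liker === $likee) {
        return false; // users may not like their own posts
    }

    // Parameterised insert; the unique key makes repeated clicks an update, not a duplicate.
    $stmt = $pdo->prepare(
        'INSERT INTO phpbb_likes (like_value, liker_id, likee_id, post_id, topic_id, forum_id)
         VALUES (:v, :liker, :likee, :post, :topic, :forum)
         ON DUPLICATE KEY UPDATE like_value = VALUES(like_value)');
    $stmt->execute([
        ':v' => $value, ':liker' => $liker, ':likee' => $likee,
        ':post' => $postId, ':topic' => (int) $row['topic_id'], ':forum' => (int) $row['forum_id'],
    ]);
    return true;
}

// Retrieve per-post like counts for one topic. Parameterised, so a crafted
// topic value cannot alter the query even before the integer check.
function getLikesByTopic(PDO $pdo, int $topic): array {
    $stmt = $pdo->prepare(
        'SELECT post_id, SUM(like_value) AS likes FROM phpbb_likes WHERE topic_id = :topic GROUP BY post_id');
    $stmt->execute([':topic' => $topic]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Entry points, one per file in the original layout (session_start() first):
//   postlike.php:  session_start(); storeLike(db(), $_POST, $_SESSION);
//   getlikes.php:  header('Content-Type: application/json');
//                  echo json_encode(getLikesByTopic(db(), requireInt($_GET, 'topic')));
```

The retrieve endpoint was the safer of the two only if `GetLikesBy()` in like.php already uses a prepared statement; if it builds the query by string concatenation, a non-numeric `topic` reaches the database unchecked, which is why both the integer validation and the bound parameter are kept here even though either alone would stop injection. The JavaScript side changes accordingly: it sends `post`, `value` and the CSRF token in a POST body, and no longer sends `liker`, `likee`, `topic` or `forum` at all.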